CVE-2026-29783: GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution
A security vulnerability has been identified in GitHub Copilot CLI’s shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent (e.g., via prompt injection through repository files, MCP server responses, or user instructions) can exploit bash parameter transformation operators to execute hidden commands, bypassing the safety assessment that classifies commands as “read-only.”
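The mitigation the advisory implies is a read-only classifier that fails closed on any bash construct that can hide or run code inside an expansion. The check below is an added, hypothetical defender-side example, not Copilot CLI's own code; the command allowlist, the dangerous-construct list and the sample commands are all constructed for illustration.

```python
import re
import shlex

# Hypothetical allowlist of simple commands an agent may run without confirmation.
READ_ONLY_COMMANDS = {"cat", "ls", "head", "tail", "grep", "echo", "wc", "stat"}

# Bash constructs that can execute or conceal code inside an otherwise harmless
# command line. Any match makes the command non-read-only, whatever the leading
# command name is (this is the gap the advisory describes for ${var@op} patterns).
_DANGEROUS = (
    (re.compile(r"\$\{[^}]*@[A-Za-z]"), "parameter transformation ${var@op}"),
    (re.compile(r"\$\{!"), "indirect expansion ${!var}"),
    (re.compile(r"\$\(|`"), "command/arithmetic substitution $(...) or backticks"),
    (re.compile(r"[<>]\("), "process substitution"),
    (re.compile(r">"), "output redirection"),
)

# Separators between simple commands: pipes, &&, ||, ;, background &, newlines.
_SEPARATORS = re.compile(r"\|\|?|&&|[;&]|\n")


def classify(command: str) -> tuple[bool, str]:
    """Return (is_read_only, reason). Unknown or unparseable input is never read-only."""
    for pattern, label in _DANGEROUS:
        if pattern.search(command):
            return False, f"contains {label}"
    for segment in _SEPARATORS.split(command):
        try:
            words = shlex.split(segment, comments=False, posix=True)
        except ValueError as exc:  # e.g. unbalanced quotes
            return False, f"unparseable segment: {exc}"
        if not words:
            continue
        name = words[0]
        if name not in READ_ONLY_COMMANDS:
            return False, f"{name!r} is not on the read-only allowlist"
    return True, "all simple commands are on the allowlist"


if __name__ == "__main__":
    # Constructed sample commands, as an agent's shell tool might receive them.
    for sample in ("cat README.md", "ls -la | grep foo", "cat ${f@U}",
                   "cat $(ls)", "cat notes.txt; touch marker", "cat 'unterminated"):
        print(f"{sample!r:35} -> {classify(sample)}")
```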